On Mon, Nov 29, 2021 at 9:34 AM Josealf.rm <josealf@rocketmail.com> wrote:
Hola Jose,

Private key should be readable just for the user running stunnel. Try

chmod 600 /etc/ssl/private.key

regards,

Gracias, José. The problem now is this:
[ ] Loading private key from file: /etc/ssl/private.key
[!] error queue: ../ssl/ssl_rsa.c:540: error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib
[!] error queue: ../crypto/bio/bss_file.c:290: error:20074002:BIO routines:file_ctrl:system lib
[!] SSL_CTX_use_PrivateKey_file: ../crypto/bio/bss_file.c:288: error:0200100D:system library:fopen:Permission
denied
[!] Service [https]: Failed to initialize TLS context

So, I don't think that is right. I will set it back to 644.

 

> On 29/11/2021, at 9:13 AM, jose isaias cabrera <jicman@gmail.com> wrote:
>
> 
>
> Greetings!
>
> I have duckduckgo'ed and I have not found an answer, but what should be the permissions for the private key since the stunnel is giving me a warning/error regarding that:
> ...
> [ ] Loading private key from file: /etc/ssl/private.key
> [:] Insecure file permissions on /etc/ssl/private.key
> [ ] Private key loaded from file: /etc/ssl/private.key
> ...
>
> this is that I have set:
> jic@web:~$ ls -l  /etc/ssl/private.key
> -rw-r--r-- 1 root www-data 1702 Oct 13 02:54 /etc/ssl/private.key
>
> the www-data is the user that runs the website.  All is running well, apparently, but, I would like to set the correct permission on the private.key file. Thanks for your support.
>
> josé
>
> --
>
> What if eternity is real?  Where will you spend it?  Hmmmm...
> _______________________________________________
> stunnel-users mailing list -- stunnel-users@stunnel.org
> To unsubscribe send an email to stunnel-users-leave@stunnel.org



--

What if eternity is real?  Where will you spend it?  Hmmmm...